Network Security Channel – Telegram
Network Security Channel
Started in 1395
Security Operation Center (SOC)
Bug Bounty
Vulnerability
Pentest
Hardening
Linux
Research
Security Network
Security Researcher
DevSecOps
Blue Team
Red Team
Threat Advisory: Zero-Day Vulnerabilities Detected On Winrar

These vulnerabilities require user interaction for exploitation.

Remote attackers, with malicious intent, can execute arbitrary code on systems where WinRAR is installed.

The software’s functionality includes archive creation in RAR or ZIP file formats, and it displays and unpacks numerous archive file formats.

This further amplifies the potential for compromise as WinRAR’s ability to support the creation of encrypted archives, multi-part files, and self-extraction adds to the complexity of the situation.

Furthermore, file integrity is verified using CRC32 or BLAKE2 checksums for each file within an archive, highlighting the significance of these gaps in the system.


@Engineer_Computer
Social Engineering Attacks Target OKTA Customers To Achieve a Highly Privileged Role

Threat actors appeared to either have passwords to privileged user accounts or be able to manipulate the delegated authentication flow via Active Directory (AD) prior to calling the IT service desk.

The threat actor targeted Okta customers’ users assigned with Super Administrator permissions.

The attackers were spotted using anonymizing proxy services and an IP and device not previously associated with the user account to access the compromised account.


@Engineer_Computer
How to Conduct a Cloud Security Assessment

A cloud security assessment evaluates an organization's cloud infrastructure for the following:

- Overall security posture
- Identity and access management (IAM) policies
- Service provider security features
- Compliance
- Documentation
- Exposure to future threats

Threat modeling reviews should test against possible attacks and threats to the cloud environment, ease of attacks based on exposure and susceptibility, and the state of preventive and detective controls in place.

Organizations with multi-cloud deployments should expect to conduct separate threat modeling sessions for each respective cloud service.


@Engineer_Computer
What is Encrypted DNS Traffic?

The Trouble With Traditional DNS

Before diving into a description of encrypted DNS traffic, we should probably talk about DNS traffic in general.

The Domain Name System (DNS) stands as a linchpin in our digital realm.

Think of it as an intricate directory for the Internet; its role is not just making online navigation intuitive for users but also augmenting the resilience of online services.

Universal DNS Traffic Encryption

The majority of encryption methods hinge on DNS resolvers that are configured for encryption.

However, these encryption-supporting resolvers comprise only a tiny fraction of the total.

Centralization or consolidation of DNS resolvers is a looming issue.

With limited options, this centralization creates tempting targets for malevolent entities or intrusive surveillance.


@Engineer_Computer
Mason Tenders’ District Council data breach class action settlement

The Mason Tenders’ District Council is a labor organization based in New York, serving more than 17,000 members, including construction workers, asbestos and hazardous materials handlers, Catholic high school teachers, and recycling and waste handlers, according to the council’s website.


@Engineer_Computer
Hackers Target High-Privileged Okta Accounts via Help Desk

The hackers then access compromised accounts using anonymizing proxy services and an IP and device not previously associated with the user account "to abuse legitimate identity federation features that enabled them to impersonate users within the compromised organization," according to the post.


@Engineer_Computer
GhostSec Leaks Source Code of Alleged Iranian Surveillance Tool

Behnama in particular is not just a tool, but "a powerful instrument of surveillance" that is used by the Iranian government, law enforcement agencies, and military personnel, GhostSec said, noting that its intention of exposing FANAP is "in the interests of the Iranian people, but also in the interests of protecting the privacy of each and every one of us."


@Engineer_Computer
United Airlines Says the Outage That Held Up Departing Flights Was Not a Cybersecurity Issue

By late afternoon Tuesday on the East Coast, United had canceled only seven flights, well below its average of about 16 per day over the busy Labor Day weekend, according to figures from tracking service FlightAware.

However, more than 350 United flights were delayed — 13% of the carrier’s schedule, far more than rivals American, Delta and Southwest — on a day that many holiday vacationers were expected to fly home.


@Engineer_Computer
Ransomware and Data Breaches: Impacts Continue to Grow Louder

I often get asked these questions (and more), and the answers can take months or years to be released after an event.

In some instances, the specific details remain hidden from public view — concealed inside the databases of cyber insurance companies or classified files guarded by three-letter government agencies.


@Engineer_Computer
As LotL Attacks Evolve, So Must Defenses

An LotL phishing attack's initial goal is a credential harvesting page where threat actors will steal a user's email address and password.

Once logged in, they do reconnaissance within the organization (including looking through that person's inbox for opportunities to commit a business email compromise attack).

For example, if the target is in finance, the threat actor may initiate a wire transfer or reroute invoicing traffic.

If the target is not high value, threat actors will pivot and attack that user's contacts to conduct a CHA or distribute malware by replying to legitimate conversations in the inbox.


@Engineer_Computer
Inside the Mind of a Hacker: 2023 Edition

A useful and interesting report

Bugcrowd, one of the world's largest crowdsourced security platforms managing many bug bounty and vulnerability disclosure programs, analyzed 1000 survey responses from hackers on its platform. These responses, combined with millions of proprietary data points on vulnerabilities collected across thousands of programs, were used to create this year's "Inside the Mind of a Hacker" report. Interesting stats include:

➡️ 5% of hackers are under 18, and only 10% over the age of 35
➡️ 93% of hackers are fluent in at least two languages
➡️ India and Bangladesh are the top 2 countries where hackers live
➡️ 96% are male
➡️ 77% of hackers report working in IT or cybersecurity
➡️ 75% of hackers identify non-financial factors as their main motivators
➡️ 91% of hackers expect AI to amplify the value of their work
➡️ 72% of hackers doubt AI will ever match their human creativity

Download report
https://www.bugcrowd.com/blog/inside-the-mind-of-a-hacker-2023-edi

@Engineer_Computer
🔒Worried about AI-related threats? Join our panel discussion with cybersecurity experts:

- David Primor, Founder & CEO of Cynomi
- Elad Schulman, Founder & CEO of Lasso Security

... and learn practical security policies and practices to shield your clients.

https://thehacker.news/ai-llm-threats?source=social

@Engineer_Computer
⚡️ Gaza-based hacker group Storm-1133 targets Israeli energy, defense, and telecom. Microsoft's report exposes tactics, including employing LinkedIn fakes & dynamic C2 infra on Google Drive.
Read:
https://thehackernews.com/2023/10/gaza-linked-cyber-threat-actor-targets.html

🔐 Multiple high-severity vulnerabilities discovered in ConnectedIO's 3G/4G routers and cloud platform could let hackers execute malicious code and access sensitive data. Get the details:
https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html


@Engineer_Computer
🔒 Hackers are exploiting the CVE-2023-3519 vulnerability in Citrix NetScaler devices for credential harvesting attacks.
Patch your systems ASAP! Read more: https://thehackernews.com/2023/10/citrix-devices-under-attack-netscaler.html

🚨 Heads up, Linux users! A new critical vulnerability in the libcue library exposes GNOME Linux systems to remote code execution (RCE) attacks.
Read details of CVE-2023-43641 here: https://thehackernews.com/2023/10/libcue-library-flaw-opens-gnome-linux.html

@Engineer_Computer
🔑 Default password-free sign-ins for everyone. Google introduces passkeys for all users, simplifying your online security.
Learn all about it:
https://thehackernews.com/2023/10/google-adopts-passkeys-as-default-sign.html

🛑 A critical flaw (CVE-2023-22515) in Atlassian Confluence is being exploited by a nation-state actor, Storm-0062.
Read:
https://thehackernews.com/2023/10/microsoft-warns-of-nation-state-hackers.html
Upgrade to the latest versions ASAP to safeguard your data and systems.

@Engineer_Computer